Re: [libvirt] [PATCH] selinux: Use raw contexts
On 10/12/2012 08:39 AM, Martin Kletzander wrote:
We are currently able to work only with non-translated SELinux
contexts, but we are using functions that work with translated
contexts throughout the code. This patch swaps all SELinux context
translation relative calls with their raw sisters to avoid parsing
problems.
The problems can be experienced with mcstrans for example.
Thanks Laurent Bigonville for finding this out.
---
configure.ac | 4 ++--
src/security/security_selinux.c | 26 +++++++++++++-------------
src/storage/storage_backend.c | 2 +-
tests/securityselinuxhelper.c | 6 +++---
tests/securityselinuxtest.c | 2 +-
5 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/configure.ac b/configure.ac
index bcdea9c..08dc63d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1440,14 +1440,14 @@ if test "$with_selinux" != "no"; then
old_libs="$LIBS"
if test "$with_selinux" = "check"; then
AC_CHECK_HEADER([selinux/selinux.h],[],[with_selinux=no])
- AC_CHECK_LIB([selinux], [fgetfilecon],[],[with_selinux=no])
+ AC_CHECK_LIB([selinux], [fgetfilecon_raw],[],[with_selinux=no])
On my F17 box, 'man fgetfilecon' has a listing, but 'man
fgetfilecon_raw' does not. What is the difference between these
functions, and how far back into the past does fgetfilecon_raw exist?
Do we need to make this patch conditional, and fall back on fgetfilecon
(as it is better than nothing) on older systems that lack the *_raw
variants?
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 617 bytes)